tracing fix for 6.16:

- Do not free "head" variable in filter_free_subsystem_filters()
 
   The first error path jumps to "free_now" label but first frees the newly
   allocated "head" variable. But the "free_now" code checks this variable,
   and if it is not NULL, it will iterate the list. As this list variable
   was already initialized, the "free_now" code will not do anything as it
   is empty. But freeing it will cause a UAF bug. The error path should
   simply jump to the "free_now" label and leave the "head" variable alone.
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYKADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCaExH8RQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qs+DAQDWBAAmviDcMb+e+9uZi8rR8+Aj+j5S
 efPe/g4D2otl5QD/T7u5TZFrSOZfl4Gv9Z1ZWhKj+xfw3FiphODrzHdcsgo=
 =eP9r
 -----END PGP SIGNATURE-----

Merge tag 'trace-v6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fix from Steven Rostedt:

 - Do not free "head" variable in filter_free_subsystem_filters()

   The first error path jumps to "free_now" label but first frees the
   newly allocated "head" variable. But the "free_now" code checks this
   variable, and if it is not NULL, it will iterate the list. As this
   list variable was already initialized, the "free_now" code will not
   do anything as it is empty. But freeing it will cause a UAF bug.

   The error path should simply jump to the "free_now" label and leave
   the "head" variable alone.

* tag 'trace-v6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  tracing: Do not free "head" on error path of filter_free_subsystem_filters()

kernel/trace/trace_events_filter.c

@@ -1437,10 +1437,8 @@ static void filter_free_subsystem_filters(struct trace_subsystem_dir *dir,
 	INIT_LIST_HEAD(&head->list);
 
 	item = kmalloc(sizeof(*item), GFP_KERNEL);
-	if (!item) {
-		kfree(head);
+	if (!item)
 		goto free_now;
-	}
 
 	item->filter = filter;
 	list_add_tail(&item->list, &head->list);